Add -new and -subj options to x509 app for direct cert generation

Complete and improve error output of parse_name() in apps/apps.c

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8193)

1 files changed, 20 insertions, 1 deletions

diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index 0703e087a3..2ff49f6243 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_x509");
 
-plan tests => 9;
+plan tests => 10;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
@@ -34,6 +34,25 @@ is(cmp_text($out, srctop_file("test/certs", "cyrillic.utf8")),
    0, 'Comparing utf8 output');
 unlink $out;
 
+# producing and checking self-issued (but not self-signed) cert
+my @path = qw(test certs);
+my $subj = "/CN=CA"; # using same DN as in issuer of ee-cert.pem
+my $pkey = srctop_file(@path, "ca-key.pem"); #  issuer private key
+my $pubkey = "ca-pubkey.pem"; # the corresponding issuer public key
+# use any (different) key for signing our self-issued cert:
+my $signkey = srctop_file(@path, "ee-ecdsa-key.pem");
+my $selfout = "self-issued.out";
+my $testcert = srctop_file(@path, "ee-cert.pem");
+ok(run(app(["openssl", "pkey", "-in", $pkey, "-pubout", "-out", $pubkey]))
+   &&
+   run(app(["openssl", "x509", "-new", "-force_pubkey", $pubkey,
+            "-subj", $subj, "-signkey", $signkey, "-out", $selfout]))
+   &&
+   run(app(["openssl", "verify", "-no_check_time",
+            "-trusted", $selfout, $testcert])));
+unlink $pubkey;
+unlink $selfout;
+
 subtest 'x509 -- x.509 v1 certificate' => sub {
     tconversion("x509", srctop_file("test","testx509.pem"));
 };